ATT Uverse RG Bypass (0.2 BTC)
-
So DHCP doesn't work with a dumb switch then. It's the VLAN tagging playing part of it.
-
I'm using a dumb switch. DHCP works with it.
-
Random003 With pfsense?
I tried both pfsense and opnsense with a dumb switch. Was unsuccessful getting it to pull an ip. No issues with utm or an asus router and dumb switch. So it's something with pfsense and opnsense too as that didn't pull it either. I'd say the mac is getting spoofed because when set statically there is internet connectivity.
The dslr thread points to vlan priority being set. Maybe that has something to do with it.
-
Yes with pfsense version 2.4.2-RELEASE-p1 (amd64).
I'm spoofing the mac. The rest of the wan settings are default I think.
https://imgur.com/a/5qla4UI
-
^^How odd. What NIC is your WAN interface using? Mine was Intel based (igb), specifically the i340-t4 card (in PCI passthrough mode with ESXi).
I think it would be useful to figure out why the dumb switch method works for some but not others with pfsense. What I didn't try was using the same nic as a virtual (vmxnet3) adapter.
-
NIC is Intel 82574L. I run pfsense on bare metal. I think the switch is a HP Procurve 1410-16G.
-
I don't think that's a dumb switch. I'm running my pfsense on a supermicro atom board with onboard intel nics, baremetal. Only set the spoofed mac on the WAN, and IP to dhcp using a netgear GS105. Nothing I did got DHCP to pull an IP; the minute I statically assign a WAN IP, it's fine.
I do have a Procurve 2848 managed switch. I was going to try taking 3 ports on there and creating a VLAN to try, but guessing I'd have to move all the ports off the default VLAN 1?
-
@All
If you are trying to use the "dumb switch" method you can't use any REAL switch. Apparently the 802.1D standard doesn't pass 802.1x packets and will drop them.
Some reported and tested switches are as follows:
TL-SG2008 (I personally used this until about a month ago when I started to experience packet loss and other issues forcing me to be PassThrough on the AT&T RG itself)
GS108Ev3 (Reported by others with success)
All of this knowledge and information comes from a MASSIVE thread at http://www.dslreports.com/forum/r29903721-AT-T-Residential-Gateway-Bypass-True-bridge-mode if you folks haven't read it yet.
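Added example, not part of the original post or thread: a small frame classifier showing why a bridge that follows 802.1D filters 802.1X traffic while ordinary broadcast traffic such as DHCP passes. It assumes the IEEE reserved group address range 01-80-C2-00-00-00 through 01-80-C2-00-00-0F and the EAPOL EtherType 0x888E; the sample frames, source MAC and priority value are constructed for illustration.

```python
import struct

# IEEE 802.1D reserves 01-80-C2-00-00-00 .. 01-80-C2-00-00-0F; a compliant
# bridge must not forward frames sent to these group addresses.
RESERVED_PREFIX = bytes.fromhex("0180c20000")
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X port access entity
ETH_8021Q = 0x8100
ETH_EAPOL = 0x888E


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header with an optional single 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = {"pcp": tci >> 13, "vid": tci & 0x0FFF}
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": ethertype}


def bridge_verdict(frame: bytes) -> str:
    """Say what an 802.1D-compliant bridge does with this frame."""
    info = parse_frame(frame)
    reserved = info["dst"][:5] == RESERVED_PREFIX and info["dst"][5] <= 0x0F
    if reserved:
        kind = "EAPOL" if info["ethertype"] == ETH_EAPOL else "link-local"
        return f"filtered ({kind} to reserved group address)"
    return "forwarded"


# Constructed sample frames (made-up source MAC, minimal payloads).
SRC = bytes.fromhex("020000000001")
# EAPOL-Start: protocol version 1, packet type 1, body length 0.
EAPOL_START = PAE_GROUP_ADDR + SRC + struct.pack("!H", ETH_EAPOL) + bytes([1, 1, 0, 0])
# Stand-in for a DHCP discover: broadcast IPv4 frame with a priority tag
# (VID 0, PCP 3 chosen arbitrarily for the sample).
TAGGED_BCAST = b"\xff" * 6 + SRC + struct.pack("!HHH", ETH_8021Q, (3 << 13) | 0, 0x0800)

if __name__ == "__main__":
    for name, f in (("EAPOL-Start", EAPOL_START), ("tagged broadcast", TAGGED_BCAST)):
        print(name, parse_frame(f)["vlan"], "->", bridge_verdict(f))
```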
-
This thread originally was for getting the eap_proxy working on pfsense. Has that just been given up on? It would really be nice if we could get a hands-off method working.
-
How do you figure the dumb switch method works with other firewall such as sophos utm, or even a basic rtac68u router, but not pfsense for some?
-
-
Should work all the same if you have the ability to spoof your AT&T RG MAC on the device you are trying.
It does work, when ip is assigned statically, but won't pull via dhcp.
-
I've been bypassing my RG (now powered off and unplugged) for at least 6 months using the very first method described in the dslreports thread with a GS108 switch. I'm using a Netgate SG-4860. DHCP works fine with the spoofed MAC address, but IPv6 requires either pfsense 2.4.3, or using a patch to enable DUID-EN (https://github.com/pfsense/pfsense/pull/3889).
See this post by the author of the patch for more details on getting IPv6 to work bypassed: https://github.com/pfsense/pfsense/pull/3889
Hope this helps…it would definitely be great if we could get something like the eap_proxy approach to work on pf.
-
The GS108 is pretty much the same switch I have tried it with (GS105, just 3 fewer ports); only static with pfsense worked for me. What exactly are you changing in the WAN settings of pfsense that's allowing yours to pull a DHCP IP?
-
Has anyone worked on a solution (other than the dumb switch method) for OpenBSD, by chance? I was thinking PF could just redirect EAPOL traffic to the RG but it looks like it can only filter on layer 2 on bridge interfaces (and even then, only by MAC address).
-
Has any more work been done on either the eap_proxy or the ng_ package?
-
@bulldog5 said in ATT Uverse RG Bypass (0.2 BTC):
The GS108 is pretty much the same switch I have tried it with (GS105, just 3 fewer ports); only static with pfsense worked for me. What exactly are you changing in the WAN settings of pfsense that's allowing yours to pull a DHCP IP?
Not sure if you've already tried this, but I was having the same problem with OPNsense where static IP worked, but it wouldn't pull the IP w/ DHCP. I had been flipping the VLANs (from Pace GW & ONT to my FW & ONT) when I was using an Asus router and that worked with DHCP, but not with OPNsense.
I recently tried swapping the cables on the switch instead of changing VLANs and for some reason that works with DHCP. It hasn't been long enough for me to see if it will work past the 14 day mark, but it's at least working initially.
-
@danieljay23 said in ATT Uverse RG Bypass (0.2 BTC):
Has any more work been done on either the eap_proxy or the ng_ package?
I'm also hoping someone figures out a way to make this work in FreeBSD with an EAP proxy or something like that. Nothing I've tried seems to work except the switch method.
-
Hi all!
Apologies for the delays, but I finally got around to cleaning up my notes on pfSense + netgraph. Hopefully this helps you guys. Thanks again to @rajl for trailblazing most of this!
Working:
True Bridge mode
IPv6
Survives reboots / power outages
Survives re-authentications
DHCP lease expirations
No performance impacts
Physical hardware
Virtual machine
Multiple gateways
https://github.com/aus/pfatt
Now someone just needs to package this into a pretty pfsense package.
-
@aus I've been patiently waiting for this...Congrats and Thank You!! Want to tackle this very soon on 2.4.4 (11.2 bsd). Hopefully, pfsense pros integrate a bypass function easily operated with a checkbox and MAC cloning. Thanks again for your work...